Systems and methods for managing database authentication and sessions

ABSTRACT

Systems and methods enable remote (or “off-campus”) users complete authorized access to full-record content of 3rd-party databases subscribed to by the user&#39;s institution. More particularly, the present invention relates to a method and system that acts as a transparent conduit between the user and a remote database, managing relevant session/context information without the user&#39;s awareness and without the need for users to install plug-ins or configure browser proxies.

This application is a continuation-in-part of co-pending U.S.application Ser. No. 10/969,112 filed, Oct. 19, 2004, which is adivisional of U.S. Pat. No. 10/669,312 filed Sep. 23, 2003, now U.S.Pat. No. 6,807,539 which claims the benefit of U.S. application Ser. No.09/844,787 filed, Apr. 27, 2001 which claims priority under 35 U.S.C.§119 from co-pending U.S. Provisional Patent Application Ser. No.60/200,044 filed on Apr. 27, 2000, the disclosure of which is herebyincorporated by reference in its entirety for all purposes.

FIELD OF THE INVENTION

The field of the invention is electronic information storage andretrieval.

BACKGROUND

The introduction of the Internet and the World Wide Web (“Web”) has madea voluminous amount of information available to people having access tothe Web. The Web has effectively made libraries virtual in the sensethat physical volumes are no longer required to reside in a singlephysical location. At present, some 80+million digital forms ofpublications have been tied to the Web, representing trillions of pagesof information. While the amount of information which appears to beavailable through the Web is staggering, the reality is that themajority of research-quality information is completely inaccessibleusing conventional information search tools such as a general-purposesearch engine.

Certain information is not available via the Web using conventionalinformation search tools such as Google, because such informationresides on commercial web-interfaced databases and information sourceswhose content cannot be accessed with a traditional search engines. Arecent development in information technology is the “Federated SearchEngine” which enables users to simultaneously search multiple disparateinformation sources containing research quality information unavailablethrough traditional search engines such as Google.

The content of these databases is usually offered on a paid basis, andis restricted by an authentication and session management mechanism. Theauthentication mechanisms are frequently complex, and typically involvesome combination of IP (Internet Protocol) recognition, referrer URL,alternate URL, SSL, username/password, proprietary schemes, or somecombination of these methods. In order to access this information, auser is typically required to subscribe to this commercial informationsource, authenticate to obtain access to the website, and then query theinformation using the information source's own proprietary searchmechanism.

Once a user receives results from a query, these are normally in theform of citations or some other index, or abridged record. Typically,the user will request the full record referenced by these citations byclicking on a HTML link presented within the record. Once the fullrecord is requested, the proprietary search engine used by theinformation source retrieves the requested full record associated withthe citation. In order to accomplish this, this information is retrievedwithin the context of a session which has been initiated by the searchengine. If the session is interrupted, it is not possible to retrievethe full record.

A significant problem encountered in the course of attempting to performa federated search against the commercial information sources describedis the ability to transparently authenticate the user simultaneouslyinto multiple information sources. Additionally, it is especiallydifficult to maintain the context-sensitive session required to retrievefull records associated with the citations or abridged record resultsretrieved in the federated search query. Finally, because of thedifficulty incurred in managing authentication and context-sensitivesessions, it is difficult to display the full record within its truenative interface, with all native functionality intact, such as links,and various features and functions, such as the ability to refine asearch query, email, print, or save results, or to perform advancednative functions.

A related problem is one of diagnosing user session malfunctions causedby network configuration problems, firewall configuration problems,proxy problems, etc. Diagnosing these database session malfunctions isnormally a time-consuming manual process. A further related problem isone of user/database browser mismatches, where certain databases areincompatible with the growing variety of web browsers.

Finally, tracking and reporting granular session-context-sensitive usageinformation across multiple databases is an extremely time-consumingprocess, requiring subscribers to these databases to request andnormalize reports from dozens or hundreds of different database contentproviders. These reports track and report inconsistent metrics withnon-standard labels and definitions.

SUMMARY OF THE INVENTION

The present invention provides systems and methods that enable remote(“off-campus”) users authorized access to full-record content of3rd-party databases.

In preferred embodiments, the methods and systems act as a transparentconduit between the user and a remote database, managing relevantsession/context information without the user's awareness, and withoutthe need for users to install plug-ins or configure browser proxies. Inespecially preferred embodiments the access to any of the multipledatabases is as complete as it would be if the user were individuallyaccessing the databases.

Contemplated methods and systems could be applied to many differentenvironments, but can be especially useful for schools and libraries,government agencies, larger companies, and other institutions thatsubscribe to multiple fees for service databases.

According to one aspect of the inventive subject matter, specializedauthentication and session management software (ASM software) managesand uses a search context to enable the user's access to the full nativedatabase experience. This context includes not only authorizationinformation confirming the user's right to access the databasefull-record information, but other contextual elements necessary toproperly manage the user's access to, and navigation in, the databaseresources.

According to another aspect, the ASM software also manages authorizationinformation required by each user/database session. For HTTP-accesseddatabases, usually this includes sending a required set of sessioncookies defined during the search's authentication step. Thesubscription databases typically require these cookies as evidence ofprior successful user authentication. In addition the ASM software canmanage any other authentication-related attributes required for accesssuch as originating IP address, referring URL, username/passwordauthorization headers, and so on. All of these attributes are managedwithout awareness required of the user.

In yet a third aspect, the ASM software manages session attributesrequired for functional or contextual continuity. For example, preferredembodiments of the ASM software can handle a full-record URL link thatcan only be successfully displayed in a browser within an HTML frameset.The ASM software would then cause the user's browser to construct aframeset which would subsequently be used to fetch the target resourceURL. Especially preferred embodiments can also make adjustments to asession to accommodate database-specific browser requirements. Thus whenthe ASM software is managing a user's session, it can alter thetransaction headers sent to a database to satisfy certain browser-levelchecks made by some databases. Some databases check these incorrectly,but preferred embodiments of the present invention are able tocompensate in a manner completely transparent to the user.

The inventive subject matter can advantageously be implemented as anindependent service, which could handle full-record requests as aconsequence of a user searching databases using another component. Amongother things, the underlying ASM software for the service would packageand transfer all needed authentication and session context informationfrom the search component to perform a subsequent search among manydatabases. In preferred implementations, the base code used to managesearch activity packages up all relevant context information describedabove (cookies, referring URLs, IP addresses, username/passwords,framesets, user-agent headers, etc.). When a user click's on afull-record link built by the search component, it causes all thecontextual information to be sent, along with the link, to the ASMsoftware for handling. The ASM software can then reconstruct the entirerelevant context and proceed with the user's request as if the entireauthentication/search/full-record request had been done through a nativebrowser session.

The packaging and transfer of session context information enablesconfiguration flexibility, in particular enabling the transparent remoteauthenticated access to subscription resources mentioned above. It alsomeans that the ASM software can run on a separate server from the searchcomponent. The context packaging and protocols can also be used forunique requirements not involving an initial search activity such asenabling remote user access directly to an institution's subscriptiondatabase without having to explicitly contend with any authenticationsteps.

Because the ASM software is the conduit for a session between auser/browser and a native subscription database, it is able to logtransaction activity to any level of detail. Logging information istypically used by institutions to track the amount of use each of itssubscription databases gets by all of its users. Detailed logginginformation can also be used to diagnose user session problems in amanner impossible had the ASM software not been present.

In an exemplary embodiment, the bundling of URL and context is done viaJavaScript functions and data components built into the search resultsby the search engine. Upon the user's action of selecting a URL toaccess (by clicking a hyperlink for example) JavaScript functionspackage the URL and context data into a standard HTTP POST methodtransaction sent via TCP over a network to the session service waitingto handle such requests.

Another embodiment keeps the logical association of URL and context databut breaks their physical proximity by incorporating a URL and referenceto the context rather than URL and context directly. This enables thecontext information to be stored independent of the user resultspresentation. The association between URL and context is then made viathe reference by the session service.

Many alternative embodiments exist for various aspects of the sessionservice. While the exemplary embodiment implies that the session serviceis separate and independent of the search service, it can in fact resideco-resident on the same server, on a different server, or could befunctionally incorporated into the search service itself.

In all cases, the common aspects of the embodiments include the searchservice's building of contexts during search activities, creatingURL/context representations and logical associations during theconstruction of the search results, the use of the URL/context dataassociations by the session service, and the enabling of a continuingvirtually-native dialog between user and database by way of thestate-managed session service.

Reference to the remaining portions of the specification, including thedrawings and claims, will realize other features and advantages of theinventive subject matter. Further features and advantages of theinventive subject matter, as well as the structure and operation ofvarious embodiments of the inventive subject matter, are described indetail below with respect to accompanying drawings, like referencenumbers indicate identical or functionally similar elements.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified schematic diagram showing an exemplary embodimentof the present invention;

FIG. 2 is a diagram showing a first exemplary embodiment of a userinterface in accordance with the present invention;

FIG. 3 is a diagram showing a second exemplary embodiment of a userinterface in accordance with the present invention;

FIG. 4 is a diagram showing a third exemplary embodiment of a userinterface in accordance with the present invention;

FIG. 5 is a simplified flow diagram illustrating operation of anexemplary embodiment of the present invention; and

FIG. 6 is a simplified flow diagram further illustrating one aspect ofoperation as shown in FIG. 5.

FIG. 7 is a simplified logical representation of a results page such asshown in FIG. 3.

FIG. 8 is a diagram of an exemplary embodiment illustrating the overallsearch, selection, and virtual native access to a database.

DESCRIPTION

FIG. 1 is a simplified schematic diagram showing an exemplary embodimentof the present invention. In this exemplary embodiment, the system 10includes a user interface 12, a control engine 14, and a number oftranslators 16 a-h.

In an exemplary embodiment, the system 10 including the user interface12, the control engine 14 and the translators 16 a-h is implementedusing computer software in either an integrated or modular manner. Itshould be understood that the system 10 may be implemented usingsoftware, hardware, or a combination of both. Based on the disclosureprovided herein, a person of ordinary skill in the art should know ofother ways, methods and techniques to implement the present invention.

Preferably, the system 10 resides on a single server (not shown).However, it should be understood that the system 10 need not reside on asingle server. Different parts of the system 10, such as the userinterface 12, the control engine 14 and the translators 16 a-h may bemade to reside on different servers depending on the designspecifications and requirements. Furthermore, the server can be aninternal server maintained by the user's company or a server maintainedby the ISP of the user's company or any server that is accessible via acomputer network.

In FIG. 2 an exemplary embodiment of the user interface 12 is shown. Inthe exemplary embodiment, the user interface 12 allows a user to enterthe desired search term(s) and other pertinent information for his/hersearch. The user interface 12 can be designed to allow the user toselect different search strategies. For example, both novice key wordsearch and advanced multi-term Boolean search can be provided asoptions.

Furthermore, the user interface 12 also allows the user to select orspecify one or more of the available databases where the search is to beconducted. For example, the user may specify to search databases fromvarious database providers such as Compendex.RTM., Derwent.RTM., ABIInfom/ProQuest.RTM., Disclosure, and PR Newswire. Referring to FIG. 1,the user may via the user interface 12 select or specify databases 18a-c and 18 f to be searched.

By using the user interface 12, the search term(s) only need to beentered once for a single search. As a result, the user can obviate theneed to repeatedly enter the same search term(s) where more than onedatabase is to be searched. The search term(s) and other pertinentinformation entered by the user are then passed by the user interface 12to the control engine 14. As will be explained further below, thecontrol engine 14 then forwards the search term(s) and other pertinentinformation to each of the translators 16 which corresponds to thespecified databases 18 thereby enabling the translators 16 to access thespecified databases 18. For example, assuming that translators 16 a-cand 16 f correspond to databases 18 a-c and 18 f, if the user specifiesto have databases 18 a-c and 18 f searched, then the control engine 14forwards the search term(s) and other pertinent information totranslators 16 a-c and 16 f.

In one embodiment, the user interface 12 is implemented using a standardweb browser, such as the Microsoft.RTM. Internet Explorer.RTM., theNetscape.RTM. Navigator.RTM., and the like. It should be understood thatwhile only one user interface 12 is shown herein, a multitude ofinterfaces 12 can be implemented to allow multiple users to conducttheir respective searches concurrently. For example, the user interface12 can be made available on a company intranet via a clickable icon. Oneor more users can click on the icon thereby allowing respective searchesto be performed on one or more of the available databases 18 a-h.

In FIG. 3 the user interface 12 further displays the results of thesearch to the user. For example, the search results are shown to theuser in a summary format using hyperlinks. Hyperlinks may be implementedusing HTML but other presentation or markup languages such as DHTML,XML, etc. can be used. The results displayed to the user areconsolidated results retrieved from the various specified databases. Aswill be explained further below, the control engine 14 receives therespective results from the translators 16 a-h and consolidates suchresults for presentation to the user via the user interface 12.

In FIG. 4, the user interface 12, upon selection of a correspondinghyperlink by the user, also displays the corresponding full record of asearch result to the user. As mentioned above, the search results may beshown to the user in a summary format using hyperlinks. If the userdesires to learn more about a particular search result, the user maysimply click on the corresponding hyperlink to view the correspondingfull record. As will be explained further below, the translators 16create the respective hyperlinks which correspond to the search resultsthereby allowing the user interface 12 to display the corresponding fullrecord accordingly upon activation of the corresponding hyperlink.

In an alternative embodiment, the user interface 12 is implemented inthe form of a user agent such as an application program. Similarly, theuser agent is configured to receive search information and otherpertinent information, either from a user or from any other source suchas another application program. Furthermore, upon receiving the searchresults from the control engine 14, the user agent may further processsuch search results. Based on the disclosure provided herein, a personof ordinary skill in the art will know of ways, methods and techniquesto implement the user interface 12 in accordance with the presentinvention.

The control engine 14 generally manages and controls operation of thesystem 10. As mentioned above, the control engine 14 forwards the searchterm(s) and other pertinent information received via the user interface12 to all translators 16 which correspond to the specified databases 18.In an exemplary embodiment, the control engine 14 is multi-threaded,which means that a new thread of execution is spawned to run a searchfor each of the specified databases 18 a-h. By having the multi-threadedfunctionality, the control engine 14 allows multiple searches to be runin parallel. That is, all search requests to the respective specifieddatabases 18 a-h can be formulated and executed concurrently. In oneembodiment, the control engine 14 is implemented using Microsoft'sVisual C++. However, based on the disclosure provided herein, it shouldbe apparent to a person of ordinary skill in the art that other computerlanguages, such as JAVA, can be used to implement the control engine 14in accordance with the present invention.

The control engine 14 consolidates all the results received from thetranslators 16 a-h. The consolidated results represent the collectivesearch results retrieved from the various specified databases 18 a-h.Preferably, the consolidated results are formatted using presentation ormarkup language such as HTML. The consolidated results are thenforwarded to the user interface 12 to effectuate the appropriate displayaccordingly.

Access to the specified databases 18 a-h is accomplished via thetranslators 16 a-h. Each translator 16 is tailored specifically tointeract with a corresponding database 18. The databases 18 a-h whichcorrespond to the translators 16 a-h can either be Web-accessible orlocally accessible. For example, referring to FIG. 1, databases 18 a-eare accessible via the Web and databases 18 f-h are databases which areconnected to a company's internal network and are not accessible to theoutside world.

As mentioned above, each database is accessed via a database interface.Such database interface is typically different for each database. Forexample, for Web-accessible databases, these databases may have databaseinterfaces which are capable of handling communications and interfaceprotocols such as HTTP, telnet, Z39.50 or others; and for locallyaccessible databases, these databases may have database interfaces whichare capable of handling communications and interface protocols such asMicrosoft.RTM.'s ODBC standard or other vendor specific standards. Itshould be noted that a database interface can be implemented in variousforms. For example, a database interface can be a search engine or othersearching mechanism which can be used to search or access a database. Aperson of ordinary skill in the art will know of ways, methods andtechniques to implement a database interface.

Since each translator 16 is tailored to interact with a correspondingdatabase 18, each translator 16, therefore, contains specific knowninformation about the corresponding database interface including, forexample, information relating to log-ins and search request syntax andformat. The specific information about the corresponding databaseinterface can be obtained, for example, by identifying different words,terms and formatting code used in a response received from thecorresponding database. For instance, such information may be obtainedfrom a HTTP response received from a database interface which isWeb-accessible. The specific information about a corresponding databaseinterface can also be obtained from the database providers or othersources.

Using the information, such as the search term(s), received from theuser via the user interface 12 and the specific information pertainingto a corresponding database interface, the translator 16 first contactsthe corresponding database interface to perform any required steps tosatisfy database authorization requirements in order to establish aconnection to the corresponding database 18. Once the connection isestablished, the translator 16 then formulates a search request which isrecognizable by that corresponding database 18. In an exemplaryembodiment, the translator 16 uses HTTP to establish the databaseconnection and transmit the search request to that correspondingdatabase 18. Referring to FIG. 1, for example, translator 16 a canforward a search request to corresponding database 18 a using HTTP viathe Internet.

After the corresponding database 18 performs the search pursuant to thesearch request, the search results are returned to the correspondingtranslator 16. Similarly, in an exemplary embodiment, the search resultsare encoded using HTML. It should be understood that the search resultscan be encoded in other presentation or markup language and that thecorresponding database 18 and translator 16 can communicate with oneanother using other communications and interface protocols.

After the search results are returned from the corresponding database18, the translator 16 parses the search results to create a number ofsummary statistics and records and corresponding hyperlinks. The summarystatistics and records and the corresponding hyperlinks are thenforwarded to the control engine 14. The summary statistics and recordsand the corresponding hyperlinks are formatted using HTML, DHTML, XML orother appropriate markup language.

As described above, the control engine 14 consolidates the summarystatistics and records and the corresponding hyperlinks received fromall the translators 16 a-h. The consolidated results are then forwardedto the user interface 12 to generate the appropriate display. Theconsolidated results represent the collective search results retrievedfrom the various specified databases.

FIG. 5 is a simplified flow diagram illustrating operation of the system10. At 500, the user via the user interface 12 provides the searchterm(s) or search query and other pertinent information and specifieswhich ones of the available databases 18 a-h are to be searched. Forexample, the user can specify that databases 18 a-c are to be searched.

At 510, the control engine 14 forwards the search term(s) and otherpertinent information to the appropriate translators 16 which correspondto the specified databases 18. For example, if the user specifies thatdatabases 18 a-c are to be searched, then translators 16 a-c receive thesearch term(s) and other pertinent information from the control engine14.

At 520, the appropriate translators 16 contacts and forwards the searchterm(s) and other pertinent information to their respective specifieddatabases 18 so as to enable searches to be performed in the specifieddatabases 18. Additional details of this step is further provided below.

At 530, search results are received from the specified databases 18 bythe corresponding translators 16. After receiving the respective searchresults from the corresponding databases 18, each translator 16 parsesand tallies the search results returned from its corresponding database18 and generate any desired summary statistics and records andcorresponding hyperlinks. Summary statistics may include, for example,number of search results retrieved from each database 18. Thetranslators 16 then forward the respective summary statistics andrecords and corresponding hyperlinks to the control engine 14. Thecontrol engine 14 consolidates such summary statistics and records andcorresponding hyperlinks and forwards the consolidated results to theuser interface 12.

At 540, the control engine 14 also logs and records all the transactioninformation to a transaction log.

At 550, the user interface 12 displays the consolidated resultsaccordingly.

FIG. 6 is a simplified flow diagram which further illustrates theoperation of step 520 for each appropriate translator 16. At 600, atranslator 16 parses the search term(s) received from the control engine14.

At 610, the translator 16 submits specific login and authorizationinformation in order to establish access to the database interface ofthe corresponding database 18. Upon verification of the login andauthorization information, session authentication information isreturned to the translator 16.

At 620, upon verification of the login information and establishingaccess, the translator 16 then incorporates the search term(s) and otherpertinent information into a search request which is recognizable by thecorresponding database 18. As mentioned above, the search request isformulated specifically so as to allow it to be understood by thedatabase interface of the corresponding database 18.

At 630, the search request and the session authentication informationare transmitted to the database interface of the corresponding database18. The search request is then carried out in the corresponding database18.

At 640, search results are returned from the corresponding database 18to the translator 16. The translator 16 parses the results into summarystatistics and records. In an exemplary embodiment, the summarystatistics and records are formatted in HTML.

At 650, the translator 16 further creates a number of hyperlinks whichare linked to the summary records respectively. In the event that asummary record also has a corresponding full record, a hyperlink is alsocreated to link the summary record and the corresponding full recordtogether.

At 660, the translator 16 returns the summary statistics and records andall the created hyperlinks to the control engine 14 for consolidationwith other summary statistics and records and hyperlinks received fromother translators 16.

The following example further illustrates the operation of the system10. Referring to FIG. 1, assume that translators 16 a-h are tailoredspecifically to interact with databases 18 a-h respectively. A user viathe user interface 12 enters the desired search term(s) and otherpertinent information and specifies that the search be conducted indatabases 18 a-c and 18 f.

The control engine 14 then forwards the search term(s) and otherpertinent information to translators 16 a-c and 16 f. Upon receiving thesearch term(s) and other pertinent information, translators 16 a-c and16 f first concurrently contact database interfaces of databases 18 a-cand 18 f respectively to establish access connections.

When the access connections are established, translators 16 a-c and 16 feach perform necessary authorization steps so as to ensure that searchesin the corresponding databases 18 a-c and 18 f can be conducted.Translators 16 a-c and 16 f then each incorporate the search term(s) andother pertinent information into a search request which is recognizableby their respective databases 18 a-c and 18 f. For example, the searchrequest generated by translator 16 a may utilize HTTP if database 18 ais HTTP compatible; the search request generated by translator 16 b mayutilize telnet if database 18 b is accessed using telnet; the searchrequest generated by translator 16 c may utilize Z39.50 if Z39.50 isused to access database 18 c; and the search request generated bytranslator 16 f may utilize ODBC if database 18 f is designed usingODBC.

The search requests generated by translators 16 a-c and 16 f are thencarried out in the respective databases 18 a-c and 18 f. The searchresults from each of the databases 18 a-c and 18 f are then returned totranslators 16 a-c and 16 f respectively.

Each of translators 16 a-c and 16 f then parses the search results intosummary statistics and records. In the event that there is acorresponding full record associated with a summary record, a hyperlinkis created to link the summary record and the corresponding full recordtogether. Translators 16 a-c and 16 f then forward all their respectivesummary statistics and records and hyperlinks to the control engine 14for consolidation and display by the user interface 12.

In an exemplary embodiment, the system 10 further manages and controlsauthentication when databases 18 a-h are accessed by the translators 16a-h. Each of the translators 16 a-h, before submitting a search requestto its corresponding database, needs to establish an authenticatedsession with that database. The translator 16 performs the requiredsequence of page fetches, cookie management, and session ID managementrequired to authenticate. Each database 18 is different and thetranslator 16 meets the specific requirements for that database.Sometimes this is simple, such as a userID/password login, and sometimesit can be quite complex involving a series of multiple Web page requestswith both session IDs and cookies involved. The authentication processis executed without any user interaction.

The translator 16 can perform the authentication task much faster than auser with a browser would be able to because of a variety ofoptimizations used by the translators 16. These include ignoringnonessential Web page elements such as graphics, extraneous frames,etc.; the avoidance of nonessential steps that users otherwise would gothrough; caching of authentication information for multiple queries; anduse of various network transaction optimizations such as redirecttruncation, persistent connections, etc.

Translators 16 are designed to handle those databases 18 that provideboth userID/password and IP authentication to meet different clientneeds. IP authentication is a mechanism by which the database onlyaccepts connections from clients with specific Internet addresses suchas a library or corporate network used by a subscriber. Thus the sametranslator 16 can be used in one environment that uses userIDs andpasswords, and in a different environment where IP authentication isused. One search may involve the simultaneous use of several translators16 using a variety of userID/password and IP authenticated mechanisms.This is all done in a manner that is totally transparent to the user.

In another exemplary embodiment, the system 10 includes anauthentication manager. The authentication manager provides a means toaccess user authentication information stored in a central database.This enables, for example, a user to authenticate once to the system 10using his/her library card number. The authentication manager thenaccesses a central database to acquire authentication information usedto gain database access on the user's behalf. As a result, the system 10is able to not only control access by users but to authenticate them inan appropriate manner to the various databases 18 a-h.

In addition, the system 10 allows subsequent user requests such asfetching and displaying the next group of search results and fetchingand displaying the full text for a selected search result. Like theoriginal search, these activities need to incorporate properauthentication. The original search generates the session IDs andcookies for authentication and the translator 16 builds hyperlinks tothe next-set and full-text resources using the authenticationinformation. This is unlike the native direct database search where asingle client session interacts with the database 18. Instead, thesystem 10 is working on behalf of many users in order to manage theauthentication information for all the users simultaneously. This isaccomplished by routing the next-set and full-text links back throughthe translator 16 and attaching the authentication information as extralink parameters. By attaching session information to the link, thesystem 10 is able to correctly manage large numbers of simultaneoussessions.

FIG. 7 shows the components of the search results exemplified in FIG. 3.At 700 a search returning one or more results from one or more databasesincludes, in the results presentation, a set of Uniform ResourceLocators (URL) at 710 that may, for example, be incorporated ashyperlinks on an HTML page.

Each URL is logically associated with an access/session context at 720consisting of all data components required to gain access to the URL(such as proxy server, IP address, referring URL, authorization cookies,and so on) and session information describing the current state of thesession (such as encompassing HTML frameset, session cookies, user-agentstring, and so on). There is a one-to-one relationship betweenaccess/session contexts and databases returning search results. There isa many-to-one relationship between URLs and a context. Thus many URLscan be associated with one access/session context representing thedatabase.

At 730 the search results presentation also includes information aboutwhere the session service is located that can subsequently be used toaccess components represented by the URLs for that search set.

At 740, when a user selects a specific URL to access, the URL is bundledwith its associated access/session context in 750 and sent to thesession service that will enable access to the database resourcespecified in the URL. In the exemplary embodiment, the bundling of URLand context is done via JavaScript functions and data components builtinto the search results by the search engine. Upon the user's action ofselecting a URL to access (by clicking a hyperlink for example)JavaScript functions package the URL and context data into a standardHTTP POST method transaction sent via TCP over a network to the sessionservice waiting to handle such requests.

FIG. 8 is a simplified overview of an entire search and database accessincorporating both the search service to search multiple databasesconcurrently on behalf of the user, and the subsequent access to aparticular database URL performed on behalf of the user by the sessionservice.

At 800 is a simplified representation of a search interface (shown indetail in the example in FIG. 2) used to select multiple databases asthe object of a user search. At 810, the search service accepts therequest, performs required user authentication, looks up accessinformation for each of the participating databases, and assignsparticipating translators the task of performing the dialog with theirrespective databases at 820 to authenticate, perform the specifiedsearch, and parse the results.

At 830 the search service has packaged up the search results forpresentation directly or indirectly to the user. The results packageincludes the data elements and functions described for FIG. 7.

When a user selects one of the search result URLs for viewing (such asby clicking a hyperlink on the HTML page), the associated data elementsare packaged at 840 and sent to the specified session service at 850.

The session service parses the URL and context components, storing thecontext into its own internal database at 860 for use throughout auser/database dialog. It then connects to the target database, uses thesession context information to reestablish the database state, andrequests the data specified in the URL. When the database returns thedata (usually HTML and related components), the session service rewritesany imbedded URLs to point back to the session service rather thandirectly to the database. This enables the session service to maintainthe access and state information for the lifetime of the user/databasedialog.

At 860, the user is presented with what appears to be the database'snative content. Because of the internal links being rewritten, and thesession state being maintained by the session service, the user is ableto continue using this virtually native dialog transparently through thesession service as if using the native database directly.

Many alternative embodiments exist for various aspects of the sessionservice. While the exemplary embodiment implies that the session serviceis separate and independent of the search service, it can in fact resideco-resident on the same server, on a different server, or could befunctionally incorporated into the search service itself.

The data elements used to initiate a virtual database dialog, consistingof the URL and context components, can be embodied in a number of ways.Alternatives in use include HTML data and JavaScript function calls,JavaScript data structures with JavaScript function calls, and XML datamarkup with external parser and application logic. The means by whichthe URL/context information is packaged and managed is irrelevant aslong as the user agent is able to build the HTTP POST request to thesession service including the data elements in the expected format.

Another embodiment keeps the logical association of URL and context databut breaks their physical proximity by incorporating a URL and referenceto the context rather than URL and context directly. This enables thecontext information to be stored independent of the user resultspresentation. The association between URL and context is then made viathe reference by the session service.

In all cases, the common aspects of the embodiments include the searchservice's building of contexts during search activities, creatingURL/context representations and logical associations during theconstruction of the search results, the use of the URL/context dataassociations by the session service, and the enabling of a continuingvirtually-native dialog between user and database by way of thestate-managed session service.

Thus, specific embodiments and applications of systems and methods formanaging database authentication and sessions have been disclosed. Itshould be apparent, however, to those skilled in the art that many moremodifications besides those already described are possible withoutdeparting from the inventive concepts herein. The inventive subjectmatter, therefore, is not to be restricted except in the spirit of theappended claims. Moreover, in interpreting both the specification andthe claims, all terms should be interpreted in the broadest possiblemanner consistent with the context. In particular, the terms “comprises”and “comprising” should be interpreted as referring to elements,components, or steps in a non-exclusive manner, indicating that thereferenced elements, components, or steps may be present, or utilized,or combined with other elements, components, or steps that are notexpressly referenced.

1. A database authentication and session management system that managesauthorization and session for a user to access and search a plurality ofdatabases, including: at least one processor; a memory embedded withcomputer instructions that are executed by the at least one processor,the executed computer instructions perform steps comprising: bundlingauthentication and functional session context information for each ofthe plurality of databases in response to a search request, wherein thebundled packaged authentication and functional session contextinformation includes log-in information and session information, thebundled authentication and functional session context information isunique to a user session and each database returning search resultscorresponding to the search request, and is associated with anyfull-record URLs targeted to each database; transferring the bundledauthentication and functional session context information of each of theplurality of databases, along with a target URL associated with thedatabase, to a session manager for management of a full-record nativedatabase session for each of the plurality of databases associated withthe target URL; reconstructing and managing the user session for each ofthe plurality of databases associated with the corresponding target URLwithin the session manager, using the authentication and functionalsession context information that enables full-record access to each ofthe plurality of databases associated with the corresponding target URLwithout re-authenticating or backtracking within a session dialog. 2.The database authentication and session management system of claim 1,wherein the executed computer instruction further loggingsession-context-sensitive incidents of user activity within theplurality of databases.
 3. The database authentication and sessionmanagement system of claim 1, wherein the authorization and session ismanaged in manner that occurs transparently and automatically from aperspective of the user.
 4. The database authentication and sessionmanagement system of claim 1, wherein a plurality of disparateauthorization and session is managed.
 5. The database authentication andsession management system of claim 1, wherein the transferring occurstransparently to the user.
 6. The database authentication and sessionmanagement system of claim 1, wherein the executed computer instructionsfurther perform: automatically compensating for user/database browsermismatches and diagnosing user session malfunctions caused by networkconfiguration problems, firewall configuration problems, and proxyproblems.
 7. The database authentication and session management systemof claim 1, wherein the plurality of databases is queried via a searchinterface; the search request is received from the search interface inan access manager; user authentication is performed by the accessmanager; access information and session information is obtained for eachof the plurality of databases via the access manager; a search of theplurality of databases corresponding to the search request is performedvia the access manager; search results from the plurality of databasesare parsed via the access manager, wherein the search results includestarget URLs in the bundled authentication and functional session contextinformation; a selected search result is received in a context manager;the bundled authentication and functional session context informationand target URLs are parsed by the context manager; the bundledauthentication and functional session context information is stored inan internal database of the context manager; data in the plurality ofdatabase is requested and obtained via the context manager; and avirtual native database dialog is presented in a search resultinterface, wherein the virtual native database dialog appears to be thenative content of the database corresponding to the selected searchresult.